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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including the fee set forth in 
37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1 .17(e) 
has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 
37 CFR 1.1 14. Applicant's submission filed on September 2, 2008 has been entered. 

2. Claims 1-8, 10-17, 19-26, 28-38, 41and 42 are pending. 

Response to Arguments 

3. Applicant's arguments with respect to the claims have been considered but are moot in 
view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S. C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claims 1, 2, 7, 8, 10,11, 16, 17, 19, 20, 25, 26 32, 33, 38 and 41 are rejected under 35 
U.S.C. 103(a) as being unpatentable over US Publication No. 2005/0021781 to Sunder et al. 
("Sunder") in view of US Pubhcation No. 2004/0158532 to Breck et al. ("Breck"). 



Application/Control Number: 1 0/705 ,2 1 2 Page 3 

Art Unit: 3685 

Referring to claim 1 , Sunder discloses receive an authentication request from a 
cardholder system (i.e. client device)(see paragraphs [0005] & [0007]), forward the 
authentication request to an access confrol server (see paragraph [0008]), relay authentication 
information between the access confrol server and the cardholder system receive an 
authentication response from the access confrol server and forward the authentication response to 
the cardholder system (see paragraphs [[0010] &[001 1]). Sunder does not expressly disclose 
wherein the authentication request was previously forward using an HTTP redirect command 
comprising the address of the cenfral fransaction server, wherein the authentication request 
includes a pseudonym corresponding to an electronic commerce card account number, wherein 
the pseudonym expires after a predetermined period of time and wherein the central transaction 
server initiates a payment request process. Breck discloses wherein the authentication request 
was previously forward using an HTTP redirect contmiand comprising the address of the cenfral 
fransaction server (see paragraph [0070]), wherein the authentication request includes a 
pseudonjon corresponding to an electronic commerce card account number, wherein the 
pseudonym expires after a predetermined period of time (see paragraphs [0080], [0048], and 
[0056]) and wherein the cenfral fransaction server initiates a payment request process(see 
paragraph [0091]) At the time the invention was made, it would have been obvious to a person 
of ordinary skill in the art to modify the system disclose by Sunder to include the elements taught 
by Breck. One of ordinary skill in the art would have been motivated to do this because it 
provides an additional level of security. 

Referring to claim 2, Sunder discloses and elecfronic commerce card authentication 
system (see claim 1 above). Sunder does not expressly discloses the system wherein the 
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authentication response is translated to a format compatible with a merchant system. Breck 
discloses the system wherein the authentication response is translated to a format compatible 
with a merchant system (see paragraphs [0054] and [0082]). At the time the invention was made, 
it would have been obvious to a person of ordinary skill in the art to modify the system disclose 
by Sunder to include the elements of Breck. One of ordinary skill in the art would have been 
motivated to do this because it provides a means for the merchant system to read and process the 
message. 

Referring to claims 7 and 8, Sunder discloses an electronic commerce card authentication 
system (see claim 1 above). Sunder does not expressly disclose wherein a pseudonym was 
previously created by the central transaction server or the pseudonym was created by a merchant 
system. Breck discloses the system wherein a pseudonym was previously created by the central 
transaction server or the pseudonym was created by a merchant system (see claim 1 above and 
paragraph [0052]). 

Claims 10, 19, 32 and 33 are rejected on the same rationale as claim 1 above. 
Claims 1 1 and 20 are rejected on the same rationale as claim 2 above. 
Claims 16 and 25 are rejected on the same rationale as claim 7 above. 
Claims 17 and 26 are rejected on the same rationale as claim 8 above. 

Referring to claim 38, Sunder discloses an authentication server (see claim 1 above). 
Sunder does not expressly disclose the server hosts at least one web page. Breck discloses an 
authentication server that hosts at least one web page (see claim 1 above). At the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to modify 
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the system disclose by Sunder to include the process where the authentication server hosts at 
least one web page. One of ordinary skill in the art would have been motivated to do this because 
it provides an additional level of security. 

Referring to claim 41, Sunder discloses an authentication server (see claim 1 above). 
Sunder does not expressly disclose a pseudonym with the predetermined time in five minutes. 
Breck discloses the pseudonym with a predetermined time, but does not explicitly state that the 
time is in five minutes (see claim 1 above). However, this difference is only found in the 
nonfimctional descriptive material and is not fiinctionally involved in the steps recited. The 
feature where the central transaction server receives a request would be performed the same 
regardless of the data. Thus, this descriptive material will not distinguish the claimed invention 
from the prior art in terms of patentability, see In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 
401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 UPSQ2d 1031 (Fed. Cir. 1994). 
Therefore, it would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to receive a request including any type of data because such data does not 
fimctionally relate to the steps in the method claimed and because the subjective interpretation of 
the data does not patentably distinguish the claimed invention. 

6. Claim 3, 12 and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sunder and Breck as applied to claims 1,10 and, 19 above, and fiirther in view of U.S. 
Publication No. 2003/0046541 to Gerdes et al. ("Gerdes"). 

Referring to claim 3, Sunder discloses an electronic commerce card authentication system 
(see claim 1 above). Sunder does not expressly disclose wherein the central transaction server is 
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adapted to forward a copy of the authentication response to an authentication history server to be 
archived. Gerdes discloses a central transaction server that forwards a copy of an authentication 
response to an authentication history server to be archived (see paragraph [0057]). At the time 
the invention was made, it would have been obvious to a person of ordinary skill in the art to 
modify the system disclose by Sunder to include a copy of the authentication response to an 
authentication history server. One of ordinary skill in the art would have been motivated to do 
this because it provides a history of authentication transaction (see paragraph [0057] of Gerdes). 

Claims 12 and 21 are rejected on the same rationale as claim 3 above. 

7. Claims 4-6, 13-15, 22-24, and 28 -3 1 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sunder and Breck as applied to claims 1,10 above, and further in view of US 
Publication No. 2004/0254848 to Golan et al. ("Golan"). 

Referring to claims 4 and 5, Sunder discloses the electronic commerce card 
authentication system (see claim 1 above). Sunder does not expressly disclose wherein the 
central transaction server fiirther receives a verifying enrollment request from a directory server, 
and to send a verifying enrollment response to the directory server; wherein the central 
transaction server is sends the verifying enrollment response in response to a query to the access 
control server. Golan discloses wherein the central transaction server further receives a 
verifying enrollment request from a directory server, and to send a verifying enrollment response 
to the directory server; wherein the central transaction server is adapted to send the verifying 
enrollment response in response to a query to the access control server (see paragraphs [0094]- 
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[0097] & claims 5,6). At the time the invention was made, it would have been obvious to a 
person of ordinary skill in the art to modify the system disclose by Sunder to include the system 
wherein the central transaction server receives a verifying enrollment request fi-om a directory 
server, and to send a verifying enrollment response to the directory server; wherein the central 
transaction server sends the verifying enrollment response in response to a query to the access 
control server. One of ordinary skill in the art would have been motivated to do this because 
provides an additional level of verification, thereby securing the system. 

Referring to claim 6, Sunder discloses the electronic commerce card authentication 
system (see claim 1 above). Sunder does not expressly disclose the central transaction server is 
adapted to send the verifying enrollment response to the directory server with or without 
querjdng the access control server, and is fiirther adapted to query the access control server in 
response to receiving an authentication request. Golan discloses the central transaction server is 
adapted to send the verifying enrollment response to the directory server with or without 
querjdng the access control server, and is further adapted to query the access control server in 
response to receiving an authentication request (see paragraphs [0099] & [0100]). At the time 
the invention was made, it would have been obvious to a person of ordinary skill in the art to 
modify the system disclose by Sunder to include the system wherein the central transaction 
server is adapted to send the verifying enrollment response to the directory server with or 
without querying the access control server, and is fiirther adapted to query the access control 
server in response to receiving an authentication request. One of ordinary skill in the art would 
have been motivated to do this because provides an additional level of verification, thereby 
securing the system. 
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Claims 13, 22, 28, and 30 are rejected on the same rationale as claim 4 above. 

Claims 14 and 23 are rejected on the same rationale as claim 5 above. 

Claims 15 and 24 are rejected on the same rationale as claims 6 above. 

Referring to claims 29 and 31, Sunder discloses the electronic commerce card 
authentication system (see claims 28 and 30 respectively above). Sunder does not expressly 
disclose modifying the verifying enrollment request from a directory server, and forwarding the 
modified verifying enrollment response to the directory server. Golan discloses receiving a 
verifying enrollment request from a directory server, and to send a verifying enrollment response 
to the directory server and sending the verifying enrollment response in response to a query to 
the access control server (see paragraphs [0094]-[0097] & claims 5,6). Golan does not teach the 
request being modified; however, the concept of modifying data is well known in the art of data 
processing. Thus, at the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to modify the system disclose by Sunder to include the steps of disclose 
receiving a verifying enrollment request from a directory server, and to send a verifying 
enrollment response to the directory server and sending the verifying enrollment response in 
response to a query to the access confrol server. One of ordinary skill in the art would have been 
motivated to do this because provides an additional level of verification, thereby securing the 
system. 

8. Claims 34- 37 are rejected under 35 U.S.C. 103(a) as being unpatentable over to Sunder 
and Breck in view of Golan. 

Referring to claim 34, Sunder discloses receiving an authentication request from a holder 
system (i.e. client device) (see paragraphs [0005] & [0007]), sending the authentication request 
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with the pseudonym to the access control server (see paragraph [0008]), receiving an 
authentication response and sending the authentication response to the holder system (see 
paragraphs [[0010] & [001 1]). Sunder does not expressly disclose receiving a verifying 
enrollment request, sending the verifying enrolhnent response to an access control server, 
receiving a verifying enrollment response from the access control server, creating an altered 
verifying enrolling response comprising a pseudonym, sending the altered verifying enrollment 
response to a merchant system, wherein the merchant system subsequently sends an 
authentication request including the pseudonym to a holder system, wherein the authentication 
request including the pseudonym sent to the holder system further comprises a web page 
containing a redirect command, wherein the redirect command is an HTTP redirect command, 
comprising the address of the central transaction server, wherein the pseudonym expires after a 
predetermined period of time. Golan discloses receiving a verifying enrollment request, sending 
the verifying enrollment response to an access control server, receiving a verifying enrollment 
response ft-om the access control server (see paragraphs [0094] - [0097] & claims 5,6). Breck 
discloses creating an altered verifying enrolling response comprising a pseudonym, sending the 
altered verifying enrollment response to a merchant system, wherein the merchant system 
subsequently sends an authentication request including the pseudonym to a holder system, 
wherein the authentication request including the pseudonym sent to the holder system further 
comprises a web page containing a redirect command, wherein the redirect command is an 
HTTP redirect command, comprising the address of the central transaction server, wherein the 
pseudonym expires after a predetermined period of time (see paragraphs [0048], [0058], [0079], 
and [0080]). At the time the invention was made, it would have been obvious to a person of 
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ordinary skill in the art to modify the system disclose by Sunder to include the elements taught 
by Golan and Breck. One of ordinary skill in the art would have been motivated to do this 
because it provides an additional level of security. 

As for claims 35-37, Sunder teaches these steps (see claim 34 above). 

Conclusion 

9. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

• US Patent No. 7398253 to Pinnell. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is 571-272-6714. The 
examiner can normally be reached on Monday - Friday 10:00-6:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Calvin Hewitt II can be reached on 571-272-6709. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300 for regular 
communications and 571-273-6714 for Non-Official /Draft. 
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Information regarding the status of an application may be obtained from tlie Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Jalatee Worjloh/ 

Primary Examiner, Art Unit 3685 



